
Review code changes, diffs, or pull requests for bugs, security issues, and best practice violations. Use after code changes or before merging PRs.
Multi-domain review across performance, security, operations, reliability, and data axes for changes that span concerns.
Definition of Done gate — verify a story is truly DONE by checking tests, acceptance criteria, business value proof, and user journey steps. Role-aware depth controlled by CK_USER_ROLE env var.
Audit cloud resources for cost allocation tag compliance. Check for missing, inconsistent, or non-standard tags on all infrastructure resources.
Assess change impact across people, process, and technology dimensions. Use before major changes, migrations, or new feature rollouts to understand the blast radius.
Design observability blueprints — structured logging, metrics, distributed tracing, alerting, and dashboards for every service.
Guide developers to think about performance as they code — algorithmic complexity, memory, I/O, caching, lazy evaluation, and profiling discipline.
Guide structured discovery of business requirements through stakeholder interviews, workshops, and document analysis. Use when starting a new project, feature, or initiative that needs clear requirements.
Validate secret storage practices and rotation policies. Check for secrets in code, Vault usage, and rotation schedules.
Meta-skill to generate new SKILL.md files for the BMAD template system. Creates well-structured skills with proper frontmatter and instructions.
Review Terraform code for module structure, state management, provider versioning, security, and operational best practices.
For each modified function, find or create its test, run it, and update it only if the function contract changed intentionally. Never silently adjust tests to make failures disappear.
Generate unit and integration tests for project code. Use when new code is written or test coverage needs improvement.
Decompose client requests into real needs, challenge assumptions, protect scope and IP.
Analyze competitive landscape, differentiation, trends, and build-vs-buy to inform product decisions.
Map as-is and to-be business processes using structured flow notation. Use when analyzing workflows, identifying bottlenecks, or designing process improvements.
Update project README based on current project structure and code. Use when project structure changes.
Identify, classify, and score project risks with mitigation strategies. Use at project kickoff, before major milestones, or when new risks emerge.
Orchestrate all security skills: code audit, infra audit, auth review, secret rotation, and pentest. Use for a full security assessment.
Structure critical dialogue between PO, Tech Lead, and Architect to challenge assumptions, priorities, and feasibility.
Identify, quantify, and communicate technical debt so it becomes negotiable with PO/TL — code smells, dependency health, architecture erosion, test and doc debt.
Design stakeholder communication plans for change initiatives, releases, and incidents. Use when coordinating announcements, managing expectations, or planning rollout communications.
Validate completed work against acceptance criteria, architecture design, and customer requirements. Use as a quality gate before marking stories as passed.
Audit frontend code for WCAG 2.1 AA compliance including ARIA, keyboard navigation, contrast, and screen reader compatibility.
Review authentication and authorization design including OAuth, JWT, token expiration, RBAC/ABAC, and privilege escalation risks.
Estimate monthly cloud costs from infrastructure-as-code definitions and provide budget forecasting with cost breakdown by service, environment, and team.
Review database schema, indexing strategy, query performance, and migration safety for relational and NoSQL databases.
Audit project dependencies for vulnerabilities, outdated versions, license compatibility, and supply-chain risk. Use before releases or periodically.
Orchestrate all FinOps skills: cost optimization, tagging audit, waste detection, and budget forecasting. Use for a full cloud cost assessment.
Compare current state vs desired state, identify gaps, and prioritize remediation actions. Use when assessing readiness, planning migrations, or evaluating compliance.
Generate conventional commit messages from staged git changes. Use after staging files before committing.
Audit cloud and infrastructure configurations for open security groups, missing encryption, excessive permissions, and missing WAF or rate limiting.
Track project milestones against timeline, flag delays, and forecast completion. Use for status reporting, schedule reviews, or deadline management.
Simulate web penetration testing for auth bypass, IDOR, privilege escalation, SSRF, rate-limit bypass, JWT attacks, API abuse, and business logic flaws.
Audit application code for performance issues including N+1 queries, bundle size, caching, lazy loading, and connection pooling.
Decompose a story into ultra-granular implementation tasks (2-5 minutes each) with exact file paths, complete code, and verification commands. Use for stories estimated at more than 50 lines of code. Includes a plan-reviewer subagent for validation.
Definition of Ready (DoR) gate — checks dependency completion, AC testability, and traceability before a story can start implementation. Use before picking up a story.
Facilitate structured retrospectives to capture what went well, what to improve, and concrete action items. Use at the end of sprints, milestones, or incidents.
Review completed story implementation against acceptance criteria using a fresh subagent. Dispatches an independent reviewer that reads code directly — does not trust the implementer's report. Use after a teammate reports completion to verify spec conformity before acceptance validation.
Structure sprint planning with capacity calculation, velocity tracking, story selection, and team commitment. Use at the start of each sprint or iteration.
Enforce strict Test-Driven Development (RED-GREEN-REFACTOR) during implementation. Injected into teammate prompts to ensure no production code is written without a failing test first. Includes anti-rationalization table and red flags.
Perform STRIDE threat modeling on application architecture to identify spoofing, tampering, repudiation, info disclosure, DoS, and elevation of privilege threats.
Build a traceability matrix from BMAD artifacts (problem.md, backlog.md, user-journey.md). Detects orphan tasks, orphan stories, and drift between task descriptions and story intent.
Data-driven backlog prioritization using WSJF, RICE, value/effort matrix, and dependency analysis.
Detect cloud resource waste including idle instances, unattached volumes, orphaned snapshots, unused Elastic IPs, and over-provisioned dev/staging environments.
Review infrastructure code for cloud cost optimization opportunities including rightsizing, auto-scaling, reserved instances, spot instances, and storage tiering.
Generate API documentation from code endpoints. Use when APIs are added or changed to produce Markdown or OpenAPI docs.
Scan application code for OWASP Top 10 vulnerabilities, injection flaws, XSS, CSRF, hardcoded secrets, and unsafe cryptography.
Draft organizational policies following compliance frameworks and best practices. Use when creating security policies, development standards, governance documents, or operational procedures.